feat: add TypeScripts programs to reproduce and demonstrate workaround for importCertificate policy.contentType issue

docs/BugReports.md

@@ -73,33 +73,22 @@ export function certificateImportParametersSerializer(item: CertificateImportPar
 
 ### Reproduction
 
-```typescript
-import { DefaultAzureCredential } from "@azure/identity";
-import { CertificateClient } from "@azure/keyvault-certificates";
-import { readFileSync } from "fs";
+A self-contained runnable script is provided in [`docs/bug-reproduce.ts`](bug-reproduce.ts):
 
-const credential = new DefaultAzureCredential();
-const client = new CertificateClient(
-  "https://<YOUR_VAULT>.vault.azure.net",
-  credential,
-);
-
-// Step 1: import a PEM certificate (works — Azure auto-detects PEM)
-const pemBytes = Buffer.from(readFileSync("cert.pem", "utf8"));
-await client.importCertificate("MyCert", pemBytes, {
-  policy: { contentType: "application/x-pem-file" },
-});
-
-// Step 2: import the same certificate as PFX (fails — policy.contentType is dropped,
-// Azure uses existing PEM policy and rejects the binary PFX bytes)
-const pfxBytes = readFileSync("cert.pfx");
-await client.importCertificate("MyCert", pfxBytes, {
-  password: "pfx-password",
-  policy: { contentType: "application/x-pkcs12" },
-});
-// ^ throws: "The specified PEM X.509 certificate content is in an unexpected format."
+```sh
+KEYVAULT_NAME=<vault> npx tsx docs/bug-reproduce.ts
 ```
 
+The script generates a self-signed certificate, imports it as PEM (Step 1 — succeeds), then attempts to re-import it as PFX with `policy.contentType: "application/x-pkcs12"` (Step 2 — fails with the error above, confirming the bug).
+
+The workaround is demonstrated in [`docs/bug-workaround.ts`](bug-workaround.ts):
+
+```sh
+KEYVAULT_NAME=<vault> npx tsx docs/bug-workaround.ts
+```
+
+This calls `updateCertificatePolicy()` before the PFX import to pre-set the stored `content_type`, allowing the import to succeed.
+
 ---
 
 ### Fix